raccoon | e78b7fbe5ffcb8a1ceb12902a2868709ecdc1ad2f7731073a32c90edbd5be416 | Triage

Sharing

General

Target

e78b7fbe5ffcb8a1ceb12902a2868709ecdc1ad2f7731073a32c90edbd5be416
Size

482KB
Sample

211107-crc4lseagq
MD5

a4abab9eee759ec84563d9135fa250ae
SHA1

a679380de09aa7ace9db85e29a66b9eedabb9c6f
SHA256

e78b7fbe5ffcb8a1ceb12902a2868709ecdc1ad2f7731073a32c90edbd5be416
SHA512

15ebfaabbcd8a8c42098e3d153e02c5730fc0a6ce3923b7191b1421f36d7a1986488094c5a270714f71dcaf74e8830c407bbe47a76e9c5428089f4e5f9687fb9

Score

10^/10

raccoon 243f5e3056753d9f9706258dce4f79e57c3a9c44 stealer

Malware Config

Extracted

Family

raccoon

Version

1.8.3

Botnet

243f5e3056753d9f9706258dce4f79e57c3a9c44

Attributes

url4cnc
http://178.23.190.57/agrybirdsgamerept

http://91.219.236.162/agrybirdsgamerept

http://185.163.47.176/agrybirdsgamerept

http://193.38.54.238/agrybirdsgamerept

http://74.119.192.122/agrybirdsgamerept

http://91.219.236.240/agrybirdsgamerept

rc4.plain

rc4.plain

Targets

- Target
  
  e78b7fbe5ffcb8a1ceb12902a2868709ecdc1ad2f7731073a32c90edbd5be416
- Size
  
  482KB
- MD5
  
  a4abab9eee759ec84563d9135fa250ae
- SHA1
  
  a679380de09aa7ace9db85e29a66b9eedabb9c6f
- SHA256
  
  e78b7fbe5ffcb8a1ceb12902a2868709ecdc1ad2f7731073a32c90edbd5be416
- SHA512
  
  15ebfaabbcd8a8c42098e3d153e02c5730fc0a6ce3923b7191b1421f36d7a1986488094c5a270714f71dcaf74e8830c407bbe47a76e9c5428089f4e5f9687fb9
Score

10^/10

raccoon 243f5e3056753d9f9706258dce4f79e57c3a9c44 stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon243f5e3056753d9f9706258dce4f79e57c3a9c44stealer